The invention relates to a method and an authentication server for subscriber-specific activation of network-based mobility management, in particular in WiMax networks.
The Internet with its TCP/IP protocol provides a platform for the development of higher-layer protocols for the mobile field. As Internet protocols are widespread, a wide range of users may be reached with corresponding protocol extensions for mobile environments. Conventional Internet protocols were, however, not originally designed for mobile use. In the packet switching of the conventional Internet, packets are exchanged between stationary computers which neither alter their network address nor move between different subnetworks. In radio networks, mobile computers (MS) are frequently integrated in different networks. The DHCP (Dynamic Host Configuration Protocol) permits the dynamic allocation of an IP address and further configuration parameters to a computer in a network by a corresponding server. A computer which is integrated in a network automatically receives a free IP address allocated via the DHCP protocol. If a mobile computer has DHCP installed, it merely has to come within range of a local network which supports configuration via the DHCP protocol. With the DHCP protocol a dynamic address assignment is possible, i.e. a free IP address is automatically allocated for a specific time. After this period has passed, the mobile computer either has to renew the request or the IP address may be allocated elsewhere.
With DHCP, a mobile computer may be integrated in a network without manual configuration. As a prerequisite, only a DHCP server has to be available. A mobile computer may thus use services of the local network and, for example, use centrally stored data files. If a mobile computer, however, itself provides services, a potential service user may not find the mobile computer, as its IP address changes in each network in which the mobile computer is integrated. The same occurs when an IP address is changed during an existing TCP connection: this leads to the termination of the connection. Therefore, in mobile-IP, a mobile computer is allocated an IP address which it also retains in a different network. With a conventional IP network change, it is necessary to adapt the IP address settings accordingly. A continuous manual adaptation of IP and routing configurations on the terminal is, however, almost impossible. With conventional automatic configuration mechanisms, the existing connection is interrupted by a change of IP address. The MIP protocol (RFC 2002, RFC 2977, RFC 3344, RFC 3846, RFC 3957, RFC 3775, RFC 3776, RFC 4285) supports the mobility of mobile terminals. With conventional IP protocols, the mobile terminal has to adapt its IP address each time it changes the IP subnetwork, so that the data packets addressed to the mobile terminal are correctly routed. In order to maintain an existing TCP connection, however, the mobile terminal has to retain its IP address, as a change of address leads to an interruption of the connection. The MIP protocol removes this conflict by allowing a mobile terminal and/or mobile node (MN) to have two IP addresses. The MIP protocol permits a transparent connection between the two addresses, namely a permanent home address and a second, temporary care-of-address. The care-of-address is the IP address at which the mobile terminal may currently be reached.
A home agent acts as a proxy for the mobile terminal while the mobile terminal is not in its original home network. The home agent is continuously informed about the current location of the mobile computer. The home agent is generally a component of a router in the home network of the mobile terminal. When the mobile terminal is located outside the home network, the home agent provides a function with which the mobile terminal is able to register. The home agent then forwards the data packets addressed to the mobile terminal into the current subnetwork of the mobile terminal.
A foreign agent is located in the subnetwork in which the mobile terminal moves. The foreign agent forwards incoming data packets to the mobile terminal and/or to the mobile computer. The foreign agent is located in a so-called visited network. The foreign agent also generally represents a component of a router. The foreign agent routes all administrative mobile data packets between the mobile terminal and the home agent thereof. The foreign agent unpacks the tunneled IP data packets sent from the home agent and forwards the data thereof to the mobile terminal.
The home address of the mobile terminal is the address at which the mobile terminal may be permanently reached. The home address has the same address prefix as the home agent. The care-of-address is the IP address which the mobile terminal uses in the foreign network.
The home agent maintains a so-called mobility binding table (MBT). The entries in this table are used to assign the two addresses of a mobile terminal, i.e. the home address and the care-of-address, to one another and to redirect the data packets accordingly. The MBT table contains entries for the home address, the care-of-address and the period of time for which this assignment is valid (lifetime). FIG. 1 shows an example of a mobility binding table according to the related art.
The foreign agent (FA) contains a visitor list (VL: Visitor List) which contains information about the mobile terminals which are currently located in the IP network of the foreign agent. FIG. 2 shows an example of such a visitor list according to the related art.
So that a mobile computer may be integrated in a network, it firstly has to find out whether it is located in its home network or in a foreign network. Additionally, the mobile terminal has to find out which computer in the subnetwork is the home agent and/or the foreign agent. This information is communicated by so-called agent discovery.
By the subsequent registration, the mobile terminal is able to communicate its current location to its home agent. To this end, the mobile computer and/or the mobile terminal sends the current care-of-address to the home agent. For registration, the mobile computer sends a registration request to the home agent. The home agent (HA) records the care-of-address in its list and responds with a registration reply. Here, however, there is a security problem. As, in principle, any computer may send a registration request to a home agent, it would be simple to make a home agent believe that a computer has moved into a different network. A foreign computer could thus receive all data packets of a mobile computer and/or mobile terminal without the sender noticing. In order to prevent this, the mobile computer and the home agent share secret keys. If a mobile computer returns to its home network, it deregisters with the home agent, as from then on the mobile computer is itself able to receive all data packets. A mobile radio network must include the following security features. Information is only allowed to be made accessible to the intended communication partners, i.e. unwanted listeners are not allowed to obtain access to transmitted data. The mobile radio network therefore has to provide confidentiality. In addition, authenticity has to be provided. Authenticity permits a communication partner to establish without doubt whether a communication has actually been established with the desired communication partner or whether a third party is pretending to be that communication partner. Authentication may be carried out for each message or for each connection. If authentication is carried out per connection, the communication partner is identified only once at the start of a session.
For the further duration of the session, it is assumed that the subsequent messages also originate from the corresponding sender. Even when the identity of a communication partner is certain, i.e. the communication partner is authenticated, it may be that this communication partner is not allowed to access all resources and/or is not allowed to use all services via the network. In this case, a corresponding authorization presupposes a prior authentication of the communication partner.
With mobile data networks, messages have to cover longer distances via air interfaces and thus may easily be reached by potential attackers. With mobile and wireless data networks, therefore, security aspects play a particular role. Encryption technologies are a substantial way to increase the security in data networks. By encryption it is possible to transmit data via insecure communication paths, for example via air interfaces, without unauthorized third parties obtaining access to the data. For encryption, the data, i.e. the so-called plaintext, is transformed into ciphertext by an encryption algorithm. The ciphertext may be transported via the insecure data transmission channel and subsequently decrypted.
As a very promising wireless access technology, WiMax (Worldwide Interoperability for Microwave Access) is proposed as a new standard; it uses the IEEE 802.16 radio transmission standard. With WiMax, a range of up to 50 km with data rates of over 100 Mbps is intended to be ensured for transmitting stations.
FIG. 3 shows a reference model for a WiMax radio network. A mobile terminal MS is located in the range of an access network (Access Serving Network, ASN). The access serving network ASN is connected via at least one visited network (Visited Connectivity Service Network VCSN) and/or intermediate network to a home network HCSN (Home Connectivity Service Network). The different networks are connected to one another via interfaces and/or reference points R. The home agent HA of the mobile station MS is located in the home network HCSN or in one of the visited networks VCSN.
WiMax supports two variants of mobile IP, so-called client MIP (CMIP), in which the mobile station itself implements the MIP client function, and proxy MIP (PMIP), in which the MIP client function is implemented by the WiMax access network. The functionality provided to this end in the ASN is denoted as Proxy Mobile Node (PMN) or as PMIP client. As a result, MIP may also be used with mobile stations which themselves do not support MIP.
FIG. 4 shows the connection setup in proxy MIP (PMIP) when the home agent is located in the visited network according to the related art.
After a radio connection has been established between the mobile terminal and a base station, an access authentication takes place first. The functions of authentication, authorization and accounting are performed by so-called AAA servers (AAA: authentication, authorization and accounting). Between the mobile terminal MS and the AAA server of the home network (HAAA), authentication messages are exchanged by which the address of the home agent and an authentication key are obtained. The authentication server in the home network contains the profile data of the subscriber. The AAA server receives an authentication request message which contains a subscriber identity of the mobile terminal. After successful access authentication, the AAA server generates an MSK key (MSK: master session key) for protecting the data transmission paths between the mobile terminal MS and the base station of the access network ASN. This MSK key is transmitted by the AAA server of the home network via the intermediate network CSN to the access network ASN.
After the access authentication, as shown in FIG. 4, the DHCP proxy server is configured in the access serving network ASN. If the IP address and host configuration are already contained in the AAA reply message, all of this information is downloaded into the DHCP proxy server.
After successful authentication and authorization, the mobile station and/or the mobile terminal MS sends a DHCP discovery message and an IP address allocation takes place.
If a mobile terminal is integrated in a network, the mobile terminal has to be able to find out whether it is located in a home network or in a foreign network. Moreover, the mobile terminal has to find out which computer in the respective network is the home agent and/or foreign agent. This information is determined by the so-called agent discovery. There are two types of agent discovery, namely so-called agent advertisement and agent solicitation.
With agent advertisement, the agents, i.e. the home or foreign agents, periodically send broadcast messages to all computers and/or mobile terminals of the subnetwork. Each computer which listens to the broadcast messages for a specific time period is therefore able to identify the agents in the respective subnetwork.
If a mobile terminal is activated again, it is generally not practical to wait for the next agent advertisement. The mobile terminal has to find out immediately in which subnetwork it is now located. With the so-called agent solicitation, therefore, the mobile terminal sends a request to all computers of the respective subnetwork to perform an agent advertisement. By agent solicitation the mobile terminal can force the agents to disclose their identity immediately, so that the delay is considerably shortened. Agent solicitation is also used when an agent advertisement fails, for example in the event of packet loss or a network change. Using agent discovery, a mobile terminal may also establish whether it is located in its home network or in a foreign network. Using the packet information within an agent advertisement message, the mobile terminal identifies its home agent. If the mobile terminal receives message packets from a foreign network, it may additionally establish whether its location has changed since the last advertisement. If the mobile terminal receives no advertisement message, the mobile terminal initially assumes that it is located in the home network and that the home agent is malfunctioning. The mobile terminal then attempts to make contact with the router of the network in order to confirm this assumption. If the mobile terminal is not located in its home network, it then attempts to reach a DHCP server and to obtain an address of the subnetwork. If this is successful, the mobile terminal uses this address as a so-called colocated care-of-address and makes contact with the home agent. The colocated care-of-address is an address assigned to the mobile terminal in the foreign network, which is also transmitted to the home agent.
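The agent discovery decision procedure of the two preceding paragraphs (listen for advertisements, solicit if none arrive, classify home versus foreign by the home agent's prefix, fall back to DHCP and a colocated care-of-address) can be written down as one function. The following is an added example, not code from the patent or from any MIP implementation: the advertisement fields, the `MobileTerminal` class and the `solicit` callback are assumptions, and all addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple


@dataclass
class AgentAdvertisement:
    """One agent advertisement as heard by the mobile terminal (constructed shape)."""
    agent_addr: str                     # address of the advertising router/agent
    home_agent: bool                    # agent offers home agent service
    foreign_agent: bool                 # agent offers foreign agent service
    care_of_addrs: List[str] = field(default_factory=list)  # FA care-of addresses


@dataclass
class MobileTerminal:
    home_addr: str
    home_prefix: str                    # prefix shared with the home agent, e.g. "10.1.0.0/16"
    last_agent: Optional[str] = None    # agent seen in the previous advertisement

    def _in_home_network(self, addr: str) -> bool:
        return ip_address(addr) in ip_network(self.home_prefix)

    def discover(self, heard: List[AgentAdvertisement],
                 solicit: Callable[[], List[AgentAdvertisement]],
                 dhcp_offer: Optional[str] = None) -> Tuple[str, str, bool]:
        """Return (location, address to register, moved since last advertisement).

        heard:      advertisements received during the listening window
        solicit:    sends an agent solicitation and returns the replies
        dhcp_offer: address a DHCP server offered, or None if none was reachable
        """
        # Do not wait for the next periodic advertisement: solicit immediately.
        advs = heard or solicit()

        if not advs:
            # No agent answered. First assumption: we are at home and the home
            # agent is down. A DHCP lease outside the home prefix disproves that
            # and doubles as the colocated care-of-address.
            moved = self.last_agent is not None
            if dhcp_offer is not None and not self._in_home_network(dhcp_offer):
                self.last_agent = None
                return ("foreign", dhcp_offer, moved)
            return ("home", self.home_addr, False)

        adv = advs[0]
        moved = self.last_agent is not None and self.last_agent != adv.agent_addr
        self.last_agent = adv.agent_addr

        if adv.home_agent and self._in_home_network(adv.agent_addr):
            # Advertisement carries the home agent's prefix: we are at home.
            return ("home", self.home_addr, moved)
        if adv.foreign_agent and adv.care_of_addrs:
            # Foreign agent: its care-of-address is what gets registered with the HA.
            return ("foreign", adv.care_of_addrs[0], moved)
        # A router answered but offers neither service we can use.
        return ("unknown", self.home_addr, moved)


if __name__ == "__main__":
    mt = MobileTerminal(home_addr="10.1.0.5", home_prefix="10.1.0.0/16")
    fa = AgentAdvertisement("192.0.2.1", False, True, ["192.0.2.1"])
    print(mt.discover([], solicit=lambda: [fa]))          # ('foreign', '192.0.2.1', False)
    print(mt.discover([], solicit=lambda: [], dhcp_offer="198.51.100.20"))
```

The `moved` flag is what a terminal would use to decide whether a fresh registration with the home agent is needed; the "unknown" branch is where a real client would keep soliciting rather than register anything.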
A differentiation is made between network-based mobility management (PMIP) and terminal-based mobility management (CMIP). With terminal-based mobility management CMIP, the terminal supports mobile-IP (MIP).
FIG. 4 shows the connection setup with conventional network-based mobility management (PMIP) whilst FIG. 5 represents the connection setup with conventional terminal-based mobility management (CMIP).
When establishing a connection between the mobile terminal and the network, the authentication server of the home network (H-AAA) sends an authentication confirmation message (SUCCESS) after successful authentication of the subscriber. The authentication confirmation message communicates to the authentication client that the authentication of the subscriber has been successfully completed. With proxy MIP and/or network-based mobility management (PMIP), the mobile terminal does not support mobile-IP and/or the corresponding MIP software is not activated in the mobile terminal. In contrast, with client MIP (CMIP) and/or terminal-based mobility management, mobile-IP is supported by the respective terminal and/or the mobile station MS. With proxy MIP the mobile terminal only knows one IP address, assigned by the DHCP server. The care-of-address of the mobile terminal is not known to the mobile terminal but to the PMIP client, the foreign agent and the home agent. In contrast, with client MIP the mobile terminal knows both of its IP addresses, i.e. the home address as well as the care-of-address.
As shown in FIGS. 4 and 5, after the IP address allocation, MIP registration takes place. During the MIP registration, the home agent is informed about the current location of the mobile terminal. For its registration, the mobile terminal and/or the corresponding PMIP client sends a registration request containing the current care-of-address to a home agent. The home agent includes the care-of-address in a list managed by it and replies with a registration reply. As, in principle, any computer is able to send a registration request to a home agent, a home agent could easily be made to believe that a computer and/or a mobile terminal had moved into a different network. In order to prevent this, both the mobile terminal and the home agent use a common secret key, namely a so-called MIP key.
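The registration step just described, together with the mobility binding table and the security problem raised earlier (anyone can send a registration request, so the home agent must only accept requests proven with the shared MIP key), is shown below as an added example. It is not code from the patent, and it is not RFC 3344's wire format: the message layout, the use of HMAC-SHA256 as the authenticator, the strictly increasing `identification` field for replay protection and the injected clock are simplifying assumptions, and the key and addresses are constructed.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class RegistrationRequest:
    """Simplified MIP registration request (constructed layout)."""
    home_addr: str
    care_of_addr: str
    lifetime: int          # seconds the binding should stay valid; 0 = deregister
    identification: int    # strictly increasing per mobile node (replay protection)
    authenticator: bytes = b""

    def protected_fields(self) -> bytes:
        # Every field the home agent acts on must be covered by the MAC.
        return f"{self.home_addr}|{self.care_of_addr}|{self.lifetime}|{self.identification}".encode()

    def sign(self, mip_key: bytes) -> "RegistrationRequest":
        self.authenticator = hmac.new(mip_key, self.protected_fields(), hashlib.sha256).digest()
        return self


class HomeAgent:
    def __init__(self, mip_keys: Dict[str, bytes], now: Callable[[], float] = time.time):
        self.mip_keys = mip_keys                        # home address -> MIP key received from H-AAA
        self.mbt: Dict[str, Tuple[str, float]] = {}     # mobility binding table: home -> (CoA, expiry)
        self.last_id: Dict[str, int] = {}               # last accepted identification per node
        self.now = now

    def register(self, req: RegistrationRequest) -> Tuple[bool, str]:
        key = self.mip_keys.get(req.home_addr)
        if key is None:
            return False, "unknown mobile node"
        expected = hmac.new(key, req.protected_fields(), hashlib.sha256).digest()
        # Constant-time comparison: a wrong authenticator leaks nothing via timing.
        if not hmac.compare_digest(expected, req.authenticator):
            return False, "authentication failed"
        if req.identification <= self.last_id.get(req.home_addr, -1):
            return False, "replayed or stale request"
        self.last_id[req.home_addr] = req.identification
        if req.lifetime == 0:
            self.mbt.pop(req.home_addr, None)           # node is back home and deregisters
            return True, "deregistered"
        self.mbt[req.home_addr] = (req.care_of_addr, self.now() + req.lifetime)
        return True, "registered"

    def care_of(self, home_addr: str) -> Optional[str]:
        """Address to tunnel packets to, or None if there is no live binding."""
        entry = self.mbt.get(home_addr)
        if entry is None:
            return None
        coa, expires = entry
        if expires <= self.now():
            del self.mbt[home_addr]                     # lifetime elapsed: drop the binding
            return None
        return coa


if __name__ == "__main__":
    key = b"constructed-shared-mip-key"
    ha = HomeAgent({"10.1.0.5": key})
    print(ha.register(RegistrationRequest("10.1.0.5", "192.0.2.1", 300, 1).sign(key)))
    print(ha.register(RegistrationRequest("10.1.0.5", "203.0.113.9", 300, 2).sign(b"wrong")))
    print(ha.care_of("10.1.0.5"))
```

Without the key check, the second request in the demo would silently redirect the mobile node's traffic to `203.0.113.9`; with it, the binding table keeps the genuine care-of-address and the lifetime field bounds how long a stale binding can survive.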
With proxy MIP (PMIP), the registration request MIPRRQ is transmitted from a PMIP client within the access network via a foreign agent to the home agent HA. The home agent HA has a key for the subscriber allocated by the associated authentication server H-AAA and transmits said key with the MIP registration reply as shown in FIG. 4.
With terminal-based mobility management (CMIP) the registration request message (MIPRRQ) is directed from the mobile terminal MS via the foreign agent directly to the home agent HA, as shown in FIG. 5.
With terminal-based mobility management (CMIP), a common mobile key for the cryptographic protection of mobile signaling messages has to be generated by the mobile terminal MS and the authentication server of the home network H-AAA; this key subsequently protects the communication between the mobile terminal MS and the home agent. With network-based mobility management PMIP, a common mobile key has to be generated by an authentication server for the PMIP client and the home agent HA. In a conventional system, network-based mobility management PMIP (Proxy MIP) is only used when the mobile terminal MS does not support terminal-based mobility management CMIP. When, in contrast to the mobile terminal itself, the home network of a mobile terminal MS provides no support for MIP, problems occur with the MIP configuration of the mobile terminal.
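The difference in who ends up holding the common mobile key in the two variants can be made concrete with a small key hierarchy. The following is an added example, not code from the patent and not the WiMAX Forum's actual MIP key derivation: the HMAC-SHA256 `prf`, the labels, the derivation of a root key from the EAP EMSK and of a MN-HA key bound to the home agent address and subscriber NAI are all simplifying assumptions, and the key material and names are constructed.

```python
import hashlib
import hmac
from typing import Dict, Optional


def prf(key: bytes, label: str, *context: str) -> bytes:
    """HMAC-SHA256 key derivation; the label/context layout is an assumption."""
    msg = label.encode() + b"\x00" + b"\x00".join(c.encode() for c in context)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_mip_root_key(emsk: bytes) -> bytes:
    # Only the H-AAA and, with CMIP, the terminal itself hold the EMSK from access authentication.
    return prf(emsk, "mip-root-key")


def derive_mn_ha_key(mip_rk: bytes, ha_addr: str, nai: str) -> bytes:
    # Bind the key to one home agent and one subscriber identity (NAI),
    # so a key for another HA or another subscriber is a different key.
    return prf(mip_rk, "mn-ha-key", ha_addr, nai)


def provision_mobile_key(mode: str, aaa_emsk: bytes, ms_emsk: Optional[bytes],
                         ha_addr: str, nai: str) -> Dict[str, bytes]:
    """Return entity -> MN-HA key it holds after access authentication.

    aaa_emsk: EMSK as known to the H-AAA
    ms_emsk:  EMSK as known to the mobile station (None for a PMIP terminal)
    """
    aaa_key = derive_mn_ha_key(derive_mip_root_key(aaa_emsk), ha_addr, nai)
    holders = {"home_agent": aaa_key}   # H-AAA delivers the key to the HA in both variants
    if mode == "CMIP":
        # Terminal-based: the MS derives the same key from its own EMSK; nothing is sent to it.
        if ms_emsk is None:
            raise ValueError("a CMIP terminal must hold the EMSK")
        holders["mobile_station"] = derive_mn_ha_key(derive_mip_root_key(ms_emsk), ha_addr, nai)
    elif mode == "PMIP":
        # Network-based: the MS runs no MIP client, so the ASN's PMIP client receives the key.
        holders["pmip_client"] = aaa_key
    else:
        raise ValueError(f"unknown mobility mode {mode!r}")
    return holders


if __name__ == "__main__":
    emsk = b"constructed-emsk-from-eap"
    for mode in ("CMIP", "PMIP"):
        holders = provision_mobile_key(mode, emsk, emsk, "10.1.0.1", "user@example.net")
        print(mode, {k: v.hex()[:16] for k, v in holders.items()})
```

Binding the derived key to the home agent address and the NAI is what lets the same root key serve several home agents without one HA being able to impersonate a subscriber towards another.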